如何处理 rails 加密凭据文件中的合并冲突
How to deal with merge conflicts in rails ENCRYPTED credential files
使用 rails 6(或 5.2)个加密凭据,我 运行 难以管理和解决 credentials.yml.enc 文件中的合并冲突。如文档中所述,目的是可以将加密凭据添加到源代码管理中 (https://guides.rubyonrails.org/security.html#custom-credentials)
例如
branch_a 为 service a 添加凭据并合并到 master
branch_b 为 service b 添加凭据,并且在变基时,credentials.yml.enc 文件中的冲突如下所示:
<<<<<<< HEAD
sahdkajshdkajhsdkjahsdkjahsdkajhsdkjahsdkjahdskjahsdjkahsdencryptedstring-a09dpjmcas==
=======
laskdjalksjdlakjsdlaksjdlakjsdlaksjdlakjsdlajsdlkajsdlkjasdljalsdajsdencryptedstringrere=
>>>>>>> branch_b
我可以在每个分支上查看未加密的 credentials.yml.enc 并完全手动解决冲突,但是有没有更好的方法来一般地管理凭据以避免这些凭据冲突。
通常建议忽略版本控制中的凭据,即 .gitignore 并通过环境变量配置它们。
我认为没有更好的方法,不。
由于加密的性质,无法在加密状态下解析它。如果那是可能的,那将意味着您可以以某种方式知道加密状态下文件的值和密钥。
进行合并时,应解决源文件中的所有冲突,然后重新运行生成加密文件的命令,然后完成合并。
有可能。来自 rails credentials 用法:
=== Set up Git to Diff Credentials
Rails provides `rails credentials:diff --enroll` to instruct Git to call `rails credentials:diff`
when `git diff` is run on a credentials file.
Running the command enrolls the project such that all credentials files use the
"rails_credentials" diff driver in .gitattributes.
Additionally since Git requires the driver itself to be set up in a config file
that isn't tracked Rails automatically ensures it's configured when running
`credentials:edit`.
Otherwise each co-worker would have to run enable manually, including on each new
repo clone.
如果您没有 rails credentials:diff...
可以合并它们,但您必须解密它们。
处理合并冲突时,可以运行 git mergetool 应该生成4个文件:
config/credentials.yml_BACKUP_84723.enc
config/credentials.yml_LOCAL_84723.enc
config/credentials.yml_BASE_84723.enc
config/credentials.yml_LOCAL_84723.enc
您可能需要在一个终端 window 中 运行 git mergetool,在另一个终端中 运行 此脚本:
请注意,这将在本地计算机上公开您的凭据。
# Temporarily move credentials file to another location
mv config/credentials.yml.enc ~/Desktop/credentials_temp.yml.enc
# Copy local file to original location
cp config/credentials.yml_LOCAL_* config/credentials.yml.enc
# Decrypt and send decrypted credentials to desktop
rails credentials:show > ~/Desktop/credentials_local.yaml
# Delete the copied local file
rm config/credentials.yml.enc
# Copy remote file to original location
cp config/credentials.yml_REMOTE_* config/credentials.yml.enc
# Decrypt and send decrypted credentials to desktop
rails credentials:show > ~/Desktop/credentials_remote.yaml
# Delete the copied remote file
rm config/credentials.yml.enc
# Move credentials file back
mv ~/Desktop/credentials_temp.yml.enc config/credentials.yml.enc
# See diffs or open both
diff ~/Desktop/credentials_local.yaml ~/Desktop/credentials_remote.yaml
# Delete the decrypted files
rm ~/Desktop/credentials_local.yaml ~/Desktop/credentials_remote.yaml
本地在左边。遥控器在右边。
享受吧。
使用 rails 6(或 5.2)个加密凭据,我 运行 难以管理和解决 credentials.yml.enc 文件中的合并冲突。如文档中所述,目的是可以将加密凭据添加到源代码管理中 (https://guides.rubyonrails.org/security.html#custom-credentials)
例如
branch_a 为 service a 添加凭据并合并到 master
branch_b 为 service b 添加凭据,并且在变基时,credentials.yml.enc 文件中的冲突如下所示:
<<<<<<< HEAD
sahdkajshdkajhsdkjahsdkjahsdkajhsdkjahsdkjahdskjahsdjkahsdencryptedstring-a09dpjmcas==
=======
laskdjalksjdlakjsdlaksjdlakjsdlaksjdlakjsdlajsdlkajsdlkjasdljalsdajsdencryptedstringrere=
>>>>>>> branch_b
我可以在每个分支上查看未加密的 credentials.yml.enc 并完全手动解决冲突,但是有没有更好的方法来一般地管理凭据以避免这些凭据冲突。
通常建议忽略版本控制中的凭据,即 .gitignore 并通过环境变量配置它们。
我认为没有更好的方法,不。
由于加密的性质,无法在加密状态下解析它。如果那是可能的,那将意味着您可以以某种方式知道加密状态下文件的值和密钥。
进行合并时,应解决源文件中的所有冲突,然后重新运行生成加密文件的命令,然后完成合并。
有可能。来自 rails credentials 用法:
=== Set up Git to Diff Credentials
Rails provides `rails credentials:diff --enroll` to instruct Git to call `rails credentials:diff`
when `git diff` is run on a credentials file.
Running the command enrolls the project such that all credentials files use the
"rails_credentials" diff driver in .gitattributes.
Additionally since Git requires the driver itself to be set up in a config file
that isn't tracked Rails automatically ensures it's configured when running
`credentials:edit`.
Otherwise each co-worker would have to run enable manually, including on each new
repo clone.
如果您没有 rails credentials:diff...
可以合并它们,但您必须解密它们。
处理合并冲突时,可以运行 git mergetool 应该生成4个文件:
config/credentials.yml_BACKUP_84723.enc
config/credentials.yml_LOCAL_84723.enc
config/credentials.yml_BASE_84723.enc
config/credentials.yml_LOCAL_84723.enc
您可能需要在一个终端 window 中 运行 git mergetool,在另一个终端中 运行 此脚本:
请注意,这将在本地计算机上公开您的凭据。
# Temporarily move credentials file to another location
mv config/credentials.yml.enc ~/Desktop/credentials_temp.yml.enc
# Copy local file to original location
cp config/credentials.yml_LOCAL_* config/credentials.yml.enc
# Decrypt and send decrypted credentials to desktop
rails credentials:show > ~/Desktop/credentials_local.yaml
# Delete the copied local file
rm config/credentials.yml.enc
# Copy remote file to original location
cp config/credentials.yml_REMOTE_* config/credentials.yml.enc
# Decrypt and send decrypted credentials to desktop
rails credentials:show > ~/Desktop/credentials_remote.yaml
# Delete the copied remote file
rm config/credentials.yml.enc
# Move credentials file back
mv ~/Desktop/credentials_temp.yml.enc config/credentials.yml.enc
# See diffs or open both
diff ~/Desktop/credentials_local.yaml ~/Desktop/credentials_remote.yaml
# Delete the decrypted files
rm ~/Desktop/credentials_local.yaml ~/Desktop/credentials_remote.yaml
本地在左边。遥控器在右边。 享受吧。